[libvirt] [PATCH v3 5/7] tests: Add various network and volume definitions

Osier Yang jyang at redhat.com
Mon Jul 22 11:06:39 UTC 2013


On 19/07/13 20:32, John Ferlan wrote:
> Although they produce no seclabel data, add some tests for coverage of
> various network and volume disk definitions
> ---
>   tests/securityselinuxlabeldata/netdisks.txt |  5 +++
>   tests/securityselinuxlabeldata/netdisks.xml | 58 +++++++++++++++++++++++++++++
>   tests/securityselinuxlabeldata/voldisks.txt |  5 +++
>   tests/securityselinuxlabeldata/voldisks.xml | 45 ++++++++++++++++++++++
>   tests/securityselinuxlabeltest.c            |  2 +
>   5 files changed, 115 insertions(+)
>   create mode 100644 tests/securityselinuxlabeldata/netdisks.txt
>   create mode 100644 tests/securityselinuxlabeldata/netdisks.xml
>   create mode 100644 tests/securityselinuxlabeldata/voldisks.txt
>   create mode 100644 tests/securityselinuxlabeldata/voldisks.xml
>
> diff --git a/tests/securityselinuxlabeldata/netdisks.txt b/tests/securityselinuxlabeldata/netdisks.txt
> new file mode 100644
> index 0000000..b6bf95f
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/netdisks.txt
> @@ -0,0 +1,5 @@
> +/nbd.raw;
> +/iscsi.raw;
> +/rbd.raw;
> +/sheepdog.raw;
> +/gluster.raw;
> diff --git a/tests/securityselinuxlabeldata/netdisks.xml b/tests/securityselinuxlabeldata/netdisks.xml
> new file mode 100644
> index 0000000..ab5e964
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/netdisks.xml
> @@ -0,0 +1,58 @@
> +<domain type='kvm'>
> +  <name>vm1</name>
> +  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
> +  <memory unit='KiB'>219200</memory>
> +  <os>
> +    <type arch='i686' machine='pc-1.0'>hvm</type>
> +    <boot dev='cdrom'/>
> +  </os>
> +  <devices>
> +      <disk type='network' device='disk'>
> +        <driver name='qemu' type='raw'/>
> +        <source protocol='nbd' file="/nbd.raw">
> +          <host name='example.org' port='6000'/>
> +        </source>
> +      <target dev='vda' bus='virtio'/>
> +    </disk>
> +    <disk type='network' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source protocol='iscsi' name='iqn.1992-01.com.example/1' file="/iscsi.raw">

I'm not clear on the security tests, but this XML looks incorrect.
"file" is one way to represent the disk source, and it is semantically
exclusive with the other ways (e.g. protocol/name here). The same applies
to the disks below. Why do you use both "file" and the other ways of
representing the disk source together?

> +        <host name='example.org' port='6000'/>
> +      </source>
> +      <target dev='vdb' bus='virtio'/>
> +    </disk>
> +    <disk type='network'>
> +      <driver name="qemu" type="raw"/>
> +      <source protocol="rbd" name="image_name2" file="/rbd.raw">
> +          <host name="hostname" port="7000"/>
> +      </source>
> +      <target dev="hdb" bus="ide"/>
> +      <auth username='myuser'>
> +        <secret type='ceph' usage='mypassid'/>
> +      </auth>
> +    </disk>
> +    <disk type='network'>
> +      <driver name="qemu" type="raw"/>
> +      <source protocol="sheepdog" name="image_name" file="/sheepdog.raw">
> +          <host name="hostname" port="7000"/>
> +      </source>
> +      <target dev="hdb" bus="ide"/>
> +    </disk>
> +    <disk type='network' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source protocol='gluster' name='Volume/Image' file='/gluster.raw'>
> +        <host name='example.org' port='6000' transport='tcp'/>
> +      </source>
> +      <target dev='vda' bus='virtio'/>
> +    </disk>
> +
> +    <input type='mouse' bus='ps2'/>
> +    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
> +      <listen type='address' address='0.0.0.0'/>
> +    </graphics>
> +  </devices>
> +  <seclabel model="selinux" type="dynamic" relabel="yes">
> +    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
> +    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
> +  </seclabel>
> +</domain>
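Review bot: Target names repeat within this fixture: `vda` is used by both the nbd and the gluster disk, and `hdb` by both the rbd and the sheepdog disk; voldisks.xml likewise assigns `hda` to all five of its disks. If the domain parser rejects duplicate targets, now or after a later change, these tests would fail at parse time before any labeling is checked, which hides the behaviour they are meant to cover. Giving each disk its own target, e.g. `<target dev='vdc' bus='virtio'/>` for the gluster disk and `<target dev="hdc" bus="ide"/>` for the sheepdog disk, keeps the fixture valid independently of that check.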
> diff --git a/tests/securityselinuxlabeldata/voldisks.txt b/tests/securityselinuxlabeldata/voldisks.txt
> new file mode 100644
> index 0000000..bd5d755
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/voldisks.txt
> @@ -0,0 +1,5 @@
> +/file.raw;
> +/disk.raw;
> +/host.raw;
> +/direct.raw;
> +/cdrom.raw;
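Review bot: The path list does not match voldisks.xml: `/disk.raw;` has no disk referencing it, while the fourth disk in the XML uses `file='/plain.raw'`, which is not listed here. If the harness checks labels only for the paths named in this file (the harness code is not part of the patch), `/plain.raw` is never verified to stay unlabeled, so a regression that relabels a block-pool volume path would go unnoticed. Either change this line to `/plain.raw;` or change the XML source to `file='/disk.raw'`.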
> diff --git a/tests/securityselinuxlabeldata/voldisks.xml b/tests/securityselinuxlabeldata/voldisks.xml
> new file mode 100644
> index 0000000..ae7e629
> --- /dev/null
> +++ b/tests/securityselinuxlabeldata/voldisks.xml
> @@ -0,0 +1,45 @@
> +<domain type='kvm'>
> +  <name>vm1</name>
> +  <uuid>c7b3edbd-edaf-9455-926a-d65c16db1800</uuid>
> +  <memory unit='KiB'>219200</memory>
> +  <os>
> +    <type arch='i686' machine='pc-1.0'>hvm</type>
> +    <boot dev='cdrom'/>
> +  </os>
> +  <devices>
> +    <disk type='volume' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source pool='dir-pool0' volume='dir-pool0-vol0' file='/file.raw'/>
> +      <target dev='hda' bus='ide'/>
> +    </disk>
> +    <disk type='volume' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source pool='dir-pool0' volume='dir-pool0-vol0' mode='host' file='/host.raw'/>
> +      <target dev='hda' bus='ide'/>
> +    </disk>
> +    <disk type='volume' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source pool='dir-pool0' volume='dir-pool0-vol0' mode='direct' file='/direct.raw'/>
> +      <target dev='hda' bus='ide'/>
> +    </disk>
> +    <disk type='volume' device='disk'>
> +      <driver name='qemu' type='raw'/>
> +      <source pool='blk-pool0' volume='blk-pool0-vol0' file='/plain.raw'/>
> +      <target dev='hda' bus='ide'/>
> +    </disk>
> +    <disk type='volume' device='cdrom'>
> +      <driver name='qemu' type='raw'/>
> +      <source pool='blk-pool0' volume='blk-pool0-vol1' file='/cdrom.raw'/>
> +      <target dev='hda' bus='ide'/>
> +      <readonly/>
> +    </disk>
> +    <input type='mouse' bus='ps2'/>
> +    <graphics type='vnc' port='-1' autoport='yes' listen='0.0.0.0'>
> +      <listen type='address' address='0.0.0.0'/>
> +    </graphics>
> +  </devices>
> +  <seclabel model="selinux" type="dynamic" relabel="yes">
> +    <label>system_u:system_r:svirt_t:s0:c41,c264</label>
> +    <imagelabel>system_u:object_r:svirt_image_t:s0:c41,c264</imagelabel>
> +  </seclabel>
> +</domain>
> diff --git a/tests/securityselinuxlabeltest.c b/tests/securityselinuxlabeltest.c
> index efe825a..8c88cfd 100644
> --- a/tests/securityselinuxlabeltest.c
> +++ b/tests/securityselinuxlabeltest.c
> @@ -332,6 +332,8 @@ mymain(void)
>       setcon((security_context_t)"system_r:system_u:libvirtd_t:s0:c0.c1023");
>   
>       DO_TEST_LABELING("disks");
> +    DO_TEST_LABELING("netdisks");
> +    DO_TEST_LABELING("voldisks");
>       DO_TEST_LABELING("kernel");
>       DO_TEST_LABELING("chardev");
>   
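Review bot: The two new `DO_TEST_LABELING` calls carry no comment saying that they are negative tests. Per the commit message these definitions produce no seclabel data, so the expectation is that none of the listed paths gets relabeled. A short comment above them, e.g. `/* network and volume disks: no path is expected to be labeled */`, would stop a later reader from treating the entries with nothing after the `;` in netdisks.txt and voldisks.txt as an omission. mymain's body starts and ends outside the hunk.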



